[Security] Update ws dependency #23520
Conversation
And more specifically addresses this comment: react-native-community/discussions-and-proposals#64 (comment)
CLI, Metro and Detox depend on ^1.1.x. They should also be updated, shouldn't they? When ws is updated for RN, it should be updated for the CLI and Metro as well. But Detox is a little bit complicated because there was an initiative to update it, but it breaks their Jenkins CI.
I honestly think that we should not even have
I would also be happy to find another way to deal with the websockets, it's a very small surface area.
@ericlewis I agree with you. I also think if it is not possible it should be moved into
Ah this is great, thanks for the change. Just for context, the reason it was probably in dependencies is that react-native depends on it through Metro, which uses websockets for HMR. This means that we will definitely need to upgrade Metro to use the latest version of ws if we want to get rid of the outdated one. Is this something you could do in a separate PR? Feel free to tag me if you do and I'll land it :)
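The dependency path described in the comment above (ws reaching react-native through Metro) is exactly what a lockfile audit has to surface, because bumping the direct devDependency leaves any nested copy untouched. What follows is an added example, not code from React Native, Metro or this PR: a Node script that walks an npm package-lock.json (the lockfileVersion 1 nested "dependencies" tree or the lockfileVersion 2/3 "packages" map), lists every installed copy of a package with the path it was installed under, and flags the copies below a minimum version. The two embedded lockfile fragments are constructed for the example; the package names follow this thread, the version numbers are made up.

```javascript
// Added example (not React Native's, Metro's or this PR's code): audit an npm
// lockfile for every installed copy of a package, including transitive copies
// nested under other packages, and report those below a minimum version.

// Parse "MAJOR.MINOR.PATCH" (any prerelease/build suffix is ignored).
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(v);
  if (!m) throw new Error(`not a semver version: ${v}`);
  return [Number(m[1]), Number(m[2]), Number(m[3])];
}

// Returns -1, 0 or 1 like a comparator, on the numeric triple only.
function compareVersions(a, b) {
  const pa = parseVersion(a), pb = parseVersion(b);
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] < pb[i] ? -1 : 1;
  }
  return 0;
}

// Walk a parsed package-lock.json and return [{ path, version }] for every
// installed copy of `name`. `path` is the chain of packages it is nested
// under, e.g. "metro > ws" for node_modules/metro/node_modules/ws.
function findInstalledCopies(lock, name) {
  const hits = [];
  if (lock.packages) {
    // lockfileVersion 2/3: keys are node_modules paths; "" is the root project.
    for (const [key, entry] of Object.entries(lock.packages)) {
      if (key === '') continue;
      const segs = key
        .split('node_modules/')
        .filter(Boolean)
        .map((s) => s.replace(/\/$/, ''));
      if (segs[segs.length - 1] === name) {
        hits.push({ path: segs.join(' > '), version: entry.version });
      }
    }
  } else if (lock.dependencies) {
    // lockfileVersion 1: nested "dependencies" objects mirror node_modules.
    const walk = (deps, trail) => {
      for (const [dep, entry] of Object.entries(deps)) {
        const here = [...trail, dep];
        if (dep === name) hits.push({ path: here.join(' > '), version: entry.version });
        if (entry.dependencies) walk(entry.dependencies, here);
      }
    };
    walk(lock.dependencies, []);
  }
  return hits;
}

// Copies of `name` whose version is strictly below `minVersion`.
function outdatedCopies(lock, name, minVersion) {
  return findInstalledCopies(lock, name).filter(
    (c) => compareVersions(c.version, minVersion) < 0
  );
}

// Constructed lockfile fragments. The top-level ws is the updated devDependency;
// the copy nested under metro is the transitive one the thread is about.
// Version numbers are made up for the example.
const SAMPLE_LOCK_V1 = {
  lockfileVersion: 1,
  dependencies: {
    ws: { version: '6.4.1', dev: true },
    metro: {
      version: '0.0.0-example',
      dependencies: { ws: { version: '1.1.5' } },
    },
  },
};

const SAMPLE_LOCK_V3 = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'example-app' },
    'node_modules/ws': { version: '6.4.1', dev: true },
    'node_modules/metro': { version: '0.0.0-example' },
    'node_modules/metro/node_modules/ws': { version: '1.1.5' },
  },
};

// Human-readable report lines, e.g. "metro > ws@1.1.5".
function auditWs(lock, minVersion = '6.4.1') {
  return outdatedCopies(lock, 'ws', minVersion).map((c) => `${c.path}@${c.version}`);
}

// For a real project: auditWs(JSON.parse(fs.readFileSync('package-lock.json', 'utf8')))
```

Against either constructed lockfile, `auditWs` returns `["metro > ws@1.1.5"]`: the direct devDependency is already at the target version, but the copy Metro pulls in is still on the old line, which is why the direct bump alone does not remove the outdated package from the install.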
@cpojer has imported this pull request. If you are a Facebook employee, you can view this diff on Phabricator.
I tried to merge this pull request into the Facebook internal repo but some checks failed. To unblock yourself please check the following: Does this pull request pass all open source tests on GitHub? If not, please fix those. Does the code still apply cleanly on top of GitHub master? If not, can you please rebase? In all other cases this means some internal test failed, for example a part of a fb app won't work with this pull request. I've added the Import Failed label to this pull request so it is easy for someone at fb to find the pull request and check what failed. If you don't see anyone comment in a few days feel free to comment mentioning one of the core contributors to the project so they get a notification.
@ericlewis merged commit a9c8e2c into
Summary
Our ws dependency is super outdated, and is insecure. It is used for the websocket example code in RNTester. This PR updates the dependency, and removes undefined console.logs.
Changelog
[General] [Security] - Updates ws dependency to 6.4.1
Test Plan
Run RNTester & ensure it works; check the integration test too.